I'm testing Flexible SSL on a newly installed Joomla site in preparation for the production site. However it doesn't seem to work.
Using default Joomla configuration: website loads, but content like CSS files and images are not loading, even though all the paths are relative. It's interesting to note that if I access the CSS files directly (with https) they show up fine.
If I configure Joomla for Force SSL, then the notorious redirect loop occurs.
What I've done so far:
- Set up Cloudflare page rule for http://mysub.domain.com/* to redirect to https, and making sure the subdomain mysub is routing through Cloudflare. This part is working, so the redirection works.
Installed and enabled the Cloudflare Joomla plugin
.htaccess file is NOT used in this case
When Joomla's Force SSL is set to No, the Joomla constant JURI::root() returns http://mysub.domain.com, even though the site is accessed via https://mysub.domain.com. This means that internally, Joomla still views this as a http site. The only way to change this is to enable Force SSL, but that will result in the redirection loop.
I have searched everything, from Cloudflare's FAQ to Stackoverflow and Stackexchange, so I'm really out of ideas. Any assistance will be greatly appreciated, thanks!
It is probably best if you contact support for this issue so we can help figure it out. We've seen a similar issue with WordPress that can be resolved by various plugins available in WordPress.
Someone also wrote something up on redirect loops and fixing in .htaccess (don't know if this will help).
To do this, add the following code to your .htaccess
#FileETag none
############################################
## FOR NGINX, LIGHTTPD, VARNISH OR ANY OTHER REVERSE PROXY TO APACHE
SetEnvIf X-Forwarded-Proto https HTTPS=on
Save.
You're done.
:D
Related
We have a website set up using the non WWW version of the website. At the moment when you access the WWW version of the domain it seems to redirect to www.ourdomain.com/index.php?p=index.html.
We are seeing the homepage template but with errors. (e.g. Images aren't loading). Does anyone know what would be the best way to fix what is happening or the potential causes.
You can use your browsers web inspector tools to see why assets like images aren't loading. Quite possibly it's because they are trying to load from the wrong domain.
If you didn't set the site URL in /craft/config/general.php then the URL set in your admin site settings will be used, so check that is correct first.
Removing the index.php?… part is covered in detail in Craft's Documentation so not worth repeating here.
I will be changing a www server to be ww2. Making a new server the www server. The new server has IIS 8.5 running, with https, ASP.Net/MVC. The old server does not have https.
I have some urls that users may have bookmarked to the old www. I would like those urls to still work (doesn't matter if the browser displays ww2). I have made sure those urls are unique and don't conflict with any resource/path on the new server. Some urls are a resource like .html others are any in a path. Do I put all of those urls in as redirects in IIS on my new server? Are redirects the best of accomplishing this?
I think what you're looking for is the URL_REWRITE Extension.
You can download it here: https://www.iis.net/downloads/microsoft/url-rewrite
Then apply the rewrite rules at the server level not the application level. This will allow you to easily control the the flow of any your old URLs to your new location.
Depending on how many you have theirs a few different ways you can do it with URL_Rewrite.
To get you started here's a bunch of tutorials on how to use it: https://www.iis.net/learn/extensions/url-rewrite-module
After you play with it and if have any specific questions, just ask on stackoverflow and tag the question with URL-REWRITE-MODULE
I just rebuilt my site to be responsive with Gantry 5 and Joomla. built in inmotion hosting server. moved it into a sub domain on my real sites server, www.umiultrasound.com/new. when i try to access the site to test it redirects to www.umiultrasound.com.
I have discussed this with my host, they say i have a wildcard redirect- i don't. they say to check my .htaccess file. i did but i do not see where i am redirecting / or www.mysite.com to itself.
they then recommended that i read one of your forum results. the one they sent didn't apply to me. hoping you can help
Check for any RewriteBase command in .htaccess. You could also temporarily copy the standard htaccess.txt over .htaccess to see if this makes any difference (backup .htaccess to .htaccess.old or similar first).
Also check your configuration.php file to see if the live_site parameter has been set.
I'm having some annoying problems with my domain http://www.armfilmbihar.com..
I have Cloudflare flexible SSL on my joomla 3.3 site, and it makes a https call, IF I type it myself >< When I try to force https to be used on my site via a htaccess file I get a loop error.
On using the page rules from cf website, it is loading but it is showing parts as insecure content and thus blocking. How do I change all of them to https so that content loads with ssl?
Did you try the information in our knowledge base about mixed content?
I am trying to enforce SSL on a folder (blog admin). That part is fine - all pages are SSL, but the site is generating error messages for insecure contents on the page. I can go after all those links individually, to enforce SSL on the links.
I was wondering if that could be done through htaccess alone?
This is what I have done for SSL enforcing on the admin folder:
#forcing https for admin folder
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} admin
RewriteRule ^(.*)$ https://mysite.com/blog/admin/$1 [R,L]
How can I convert all the non ssl links to ssl on the same page ?
Addition:
1) I am using wordpress 3.6 with different plugins that come along with it. Only the admin areas is SSL, and the rest of it, other than login page (that is outside of admin is also SSL) are non SSL (for example the Blog feed for the end users).
2) A few of insecure contents are coming from my own site, but then there are others which are coming from the plugins I am using. For example disqus commenting system, and flickr.
3) I can force the internal links for images, css, and jscript by simply using 'setting for permalink' on wordpress (noticed the url was provided as http and not https). Similarly, I can locate and fix the other links like this one:
The page at https://mysite.com/blog/wp-login.php ran insecure content
from
http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js?ver=3.6
4) The issue is:
If I use permalink setting, then the blog links are created as https
instead of http, and that breaks the plugins I am using for the non
SSL pages, for example disqus comment feed don't show up on the blog
page. Secondly, The painful process of fixing all the non ssl links.
Also, I can always miss out on some of them, since I am doing it
manually. It would be really helpful, if I could enforce SSL for all
these non SSL links using htaccess, perhaps the only easy solution.
Rewrite rules (which are in in fact redirections, when it's about HTTP to HTTPS) won't help, since by the time the initial plain HTTP request reaches the server, it's too late.
It's the links on the page you serve that must be addressed. This is generally up to the application (e.g. your PHP/CGI applcation) running on the server, not up to the server itself. The server would need to be able to process the content of the responses it sends to replace these links, not just redirect the requests (like mod_rewrite does).
mod_proxy_html (distributed with Apache 2.4 or separately in earlier versions) is a module that can to in-depth processing of the response, but I'm not sure whether it can be used as a post-processing tool for PHP running on the same server, to rewrite the links it sends.
Of course, this won't fix links to external resources that are not available via https:// anyway.